# NixOS host module for the VPS "lgm-vps1".
#
# Wires together the service modules under ./services, the sops-managed
# secrets, the ACME wildcard certificate and the nginx virtual hosts that
# front the various *.testdrive subdomains.  Site-specific values (root
# domain, mail domain, git SSH port) come in through the `data` argument.
{ pkgs, config, data, ... }:
let
  baseDomain = data.host.rootDomain;
  testdriveDomain = "testdrive.${baseDomain}";

  mailHost = data.services.mailserver.domain;
  gtnhHost = "gtnh.${baseDomain}";
  discourseHost = "discourse.${testdriveDomain}";
  akkomaHost = "akko429164.${testdriveDomain}";
  iceHost = "ice758549.${testdriveDomain}";

  # Port the forgejo SSH front-end listens on (see ./services/git.nix).
  forgejoSshPort = data.services.git.sshPort;

  # An HTTPS-only static vhost served from `docRoot`, using the shared
  # wildcard certificate issued for the root domain.
  sslSite = docRoot: {
    forceSSL = true;
    useACMEHost = baseDomain;
    root = docRoot;
  };
in
{
  imports = [
    ./hardware-configuration.nix
    ./services/postgres.nix
    ./services/git.nix
    ./services/mailserver.nix
    ./akkotest.nix
    # Out-of-tree vscode-server module. The sha256 pins the fetched
    # content, so a change to the upstream branch cannot slip in silently;
    # the URL itself points at a branch, not a tag.
    (fetchTarball {
      url = "https://github.com/cariandrum22/nixos-vscode-server/tarball/support-for-new-dir-structure-of-vscode-server";
      sha256 = "1sp4h0nb7dh7mcm8vdflihv76yz8azf5zifkcbxhq7xz48c8k5pd";
    })
  ];

  # Shared scratch directory for openvscode-server users: mode 2770 is
  # setgid + rwx for root and the openvscode group, nothing for others.
  systemd.tmpfiles.rules = [
    "d /shared/openvscode 2770 root ${config.services.openvscode-server.group}"
  ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;

  networking = {
    hostName = "lgm-vps1";
    domain = "contaboserver.net";
    # Only HTTP/HTTPS are opened explicitly here; sshd and endlessh-go open
    # their own ports through their respective modules.
    firewall.allowedTCPPorts = [ 80 443 ];
    # NAT for container veth interfaces (ve-*), presumably nixos-containers
    # defined in the imported service modules — confirm.
    nat = {
      enable = true;
      internalInterfaces = [ "ve-+" ];
      externalInterface = "eth0";
    };
  };

  services = {
    # Administrative sshd on a non-default port plus a second listener that
    # only the forgejo user may authenticate to (Match LocalPort below).
    openssh = {
      enable = true;
      ports = [ 37163 forgejoSshPort ];
      settings = {
        PermitRootLogin = "no";
        # NOTE(review): disabling PasswordAuthentication does not by itself
        # disable keyboard-interactive (PAM) password prompts; consider also
        # setting KbdInteractiveAuthentication = false — confirm against the
        # NixOS default for this stateVersion.
        PasswordAuthentication = false;
      };
      # Match blocks apply until end of file, so this must stay the last
      # thing in the generated sshd_config.
      extraConfig = ''
        Match LocalPort ${toString forgejoSshPort}
          AllowUsers forgejo
      '';
    };

    # SSH tarpit on the default port; the real sshd listens on the ports
    # above, so anything hitting 22 is unsolicited.
    endlessh-go = {
      enable = true;
      openFirewall = true;
      port = 22;
    };

    vscode-server = {
      enable = true;
      nodejsPackage = pkgs.nodejs_18;
      installPath = "$HOME/.vscodium-server";
    };

    openvscode-server.enable = true;

    nginx = {
      enable = true;

      # Plain-HTTP catch-all: default_server for any Host on port 80,
      # answering only with a redirect to the HTTPS root domain.
      virtualHosts."${baseDomain}80" = {
        serverName = baseDomain;
        rejectSSL = true;
        default = true;
        locations."/".return = "301 https://${baseDomain}$request_uri";
      };

      # The root domain itself is HTTPS-only (the port-80 side is handled
      # by the redirect host above).
      virtualHosts.${baseDomain} = {
        onlySSL = true;
        useACMEHost = baseDomain;
        root = "/var/www/todo";
      };

      virtualHosts.${gtnhHost} = sslSite "/var/www/gtnh";
      virtualHosts.${discourseHost} = sslSite "/var/www/todo";
      # virtualHosts.${akkomaHost} = sslSite "/var/www/todo";
      virtualHosts.${iceHost} = sslSite "/var/www/todo";
    };
  };

  sops = {
    defaultSopsFile = ../../secrets/secrets.yaml;
    defaultSopsFormat = "yaml";
    # NOTE(review): `example_key` reads like a leftover from the sops
    # template; the akkoma user it is owned by is defined elsewhere
    # (presumably ./akkotest.nix) — confirm it is still needed.
    secrets.example_key = {
      owner = config.users.users.akkoma.name;
      group = config.users.users.akkoma.group;
    };
    # Porkbun DNS API credentials, decrypted to a file that
    # security.acme reads as its environmentFile (DNS-01 challenge).
    secrets.porkbun = {
      sopsFile = ../../secrets/porkbun.env;
      format = "dotenv";
    };
  };

  # One DNS-01 issued certificate for the root domain; the wildcard SANs
  # cover every vhost above and the mail host, so no per-site certs.
  security.acme = {
    acceptTerms = true;
    defaults.email = "lgmrszd@disroot.org";
    certs.${baseDomain} = {
      # domain = "*.${baseDomain}";
      dnsProvider = "porkbun";
      environmentFile = config.sops.secrets.porkbun.path;
      extraDomainNames = [
        mailHost
        "*.${baseDomain}"
        "*.${testdriveDomain}"
        # gtnhHost
        # akkomaHost
        # iceHost
        # discourseHost
      ];
    };
  };

  programs = {
    fish.enable = true;
    nh.enable = true;
    mosh.enable = true;
  };

  environment.systemPackages = [
    pkgs.git
    pkgs.vim
    pkgs.tmux
    pkgs.sops
  ];

  users.users = {
    # nginx needs read access to the certificates managed by security.acme.
    nginx.extraGroups = [ "acme" ];

    lgm = {
      isNormalUser = true;
      description = "lgm";
      # NOTE(review): "docker" group membership is effectively root-equivalent
      # wherever the Docker daemon runs; this module does not enable docker
      # itself, so check whether the group is still needed.
      extraGroups = [
        "wheel"
        "docker"
        config.services.openvscode-server.group
      ];
      shell = pkgs.fish;
      # sk-ssh-ed25519: FIDO/hardware-backed key, so the private key never
      # leaves the authenticator.
      openssh.authorizedKeys.keys = [
        ''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''
      ];
    };
  };

  system.stateVersion = "23.11";
}